Download the PHP package aliirfaan/laravel-simple-jwt without Composer
On this page you can find all versions of the php package aliirfaan/laravel-simple-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-simple-jwt
Laravel Simple JWT
This package allows you to generate JSON Web Tokens. You can then verify the JWT code and grant access based on its validity. You can also use the optional refresh token flow for long lived sessions. You can generate and verify JWT directly inside a controller or use the provided authentication guard.
JWT flow
- User logs in and gets a JWT with custom claims
- For each request consumer sends JWT
- App verifies JWT and allow of disallow user based on validity
Refresh token flow
- User logs in and gets a JWT with custom claims and also gets a refresh token with an expiry date
- For each request consumer sends JWT, refresh token is extended and gets a later expiry date
- If JWT expires, consumer sends refresh token
- App checks if refresh token is expired
- If refresh token is not expired, issue a JWT and extend refresh token
Features
- Multiple JWT profiles. Each profile can have its own expiry, secret, etc...
- Generate JWT with custom claim
- Public claims can be included/overridden on generation
- Verify JWT
- Configuration for JWT expiry
- Refresh token flow after JWT expires
- Extend refresh token everytime the application is used so that user is not logged out
- Blacklist user so that token is not refreshed
- Authentication guard to authenticate users
Requirements
Installation
You can install this package on an existing Laravel project with using composer:
Register the ServiceProvider by editing config/app.php file and adding to providers array:
Note: use the following for Laravel <5.1 versions:
Publish files with:
or by using only php artisan vendor:publish and select the aliirfaan\LaravelSimpleJwt\SimpleJwtServiceProvider from the outputted list.
Apply the migrations:
Configuration
This package publishes an simple-jwt.php file inside your applications's config folder which contains the settings for this package. Most of the variables are bound to environment variables, but you are free to directly edit this file, or add the configuration keys to the .env file.
The configurations are encapsulated in a profiles array with a 'default' profile available. You can add new profiles by adding a new array key.
jwt_secret | String Secret key to use to encode JWT. You can generate one using an online service (https://mkjwk.org/) or package.
jwt_algo | String Name of supported hashing algorithm
jwt_issuer | String Name of authority issuing JWT, normally your application name
jwt_audience | String Name of resource server that will accept the claim, normally application url
jwt_does_expire | Bool (true or false) Whether the jwt expires
jwt_ttl_seconds | Numeric Number of seconds after which the JWT expires if jwt_does_expire is set to true
jwt_leeway_seconds | Numeric When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew
jwt_refresh_should_extend | Bool (true or false) Whether we should automatically extend the JWT refresh token
jwt_refresh_ttl_days | Numeric Number of days to extend refresh token expiry
Usage
New profile
Middleware usage
You can verify the jwt in a route middleware like below. Do not forget to register you middleware.
Guard usage
To use the guard, add it in your auth config
License
The MIT License (MIT)
Copyright (c) 2020
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
